The False Sense of Security in Password Manager Software: How to Avoid the Risks

Managing passwords across the many different sites you visit or where you have online accounts can be a lot of information to retain, especially if you’re doing what you’re supposed to do — using a different password for every site. That’s why some of us store passwords in documents, spreadsheets or notes, and many of us store some of our (hopefully) less-critical passwords in the browser itself to make life easier, however, not all browser password managers are secure or encrypted.

The Convenience of a Password Manager

But the people who really can’t be bothered to come up with multiple variations of passwords they will be able to remember, and prefer a more organized, and more secure, encrypted solution, use password manager software. All they need to do is remember one single master password to unlock the tool and – voila! – there’s the password list, safely tucked away under lock and key in the password manager. How convenient.

Password managers:

allow you to copy the password from the manager and paste it into the login form required, avoiding typing in the password, character by character

perform auto-logins for you, without you having to type or copy/paste anything

…and some are free, but here at Raxco, we’re wary of software that offer critical services for free — who’s behind the software? What are they getting out of giving away a free product where they have access to your most critical information?

All of the above features that password managers can provide are a great convenience. But there is a false sense of security when using a password manager.

3 Security Issues with Password Managers

First, you must type or copy the password from your password manager into the form (and if you don’t, your password manager software might do it for you). The problem here is three-fold:

If you’re not protected by anti-keylogger software, the password you type into the form can be captured by keylogger spyware that you may not even realize is on your machine.

If you are protected by anti-keylogger software, you’re still at risk. Some people copy and paste passwords instead of typing them in, thinking their password is safe because any potential spyware cannot see the characters typed in, because you are not typing them in — you’re doing a simple copy/paste instead. The problem is, most security software – including anti-keylogger protection – cannot and do not prevent clipboard loggers from stealing your login info from the invisible “clipboard” where you copied your password to, before pasting it into the form.

The last thing to consider about password manager software is that all your passwords are in one place. All the hacker needs is the one master password you use to access all of your logins. So without keylogger and clipboard logger protection, you may be out of luck.

How Do You Find Out if You’re Safe from These Threats?

There are a couple steps you can take to ensure you don’t fall victim to the false sense of security provided by password managers and other security tools and software.

Run Our Clipboard Logger Test

Whether your antivirus software is or isn’t protecting you from keyloggers, there is no guarantee that you are protected against clipboard loggers. Run our test clipboard logger simulator to find out if everything you copy, cut or paste (like username logins and passwords from a document or spreadsheet) are protected from spyware thieves.